DETAILED ACTION

1. Claims 1-21 are pending in the application. 

2. Claims 1-21 have been rejected. 

Response to Amendment 

3. The examiner approves the new abstract. The replacement abstract complies with the length 
requirement. 

Response to Arguments 

4. Applicant's arguments with respect to claims 1-21 have been considered but are moot in view 
of the new ground(s) of rejection. 

Claim Rejections - 35 USC §102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 
35 U.S.C. 102(e)). 

5. Claims 1, 2, 5, 9, 10, 12, 16-19 and 21 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Cahill et al U.S. Patent No. 6,535,855 B1. 

As to claims 1, 9 and 16, Cahill et al discloses a method for tracing a denial-of-service 
attack on a victim machine back towards its source, comprising steps of: 

operating a traceback program on at least one path to receive two input 
parameters, (a) an IP address (v) of the victim machine and (b) an IP address (r) 
of a router that is immediately upstream of the victim machine [column 45, lines 
47-65]; 

determining a set of routers that are neighbors (n) of r [column 49 line 61 
to column 50 line 15]; 

for each neighbor n of r, determining if r is n's next-hop for traffic 
addressed to v, or to a network that v is on, where node n's next-hop for traffic 
addressed to v is the IP address of the node that n will forward a packet to if the 
destination address in the packet is v [column 50, lines 21-46]. 

if r is not n's next-hop for traffic addressed to v, skip over n and query the 
next neighbor of r, while if r is n's next-hop for traffic addressed to v, determining 
an amount of traffic that n is forwarding to r that is addressed to v [column 53, 
lines 8-32]. 

after determining the identity of the neighbor n of r that is the principal 
source of packets flowing to r that are addressed to v, continuing one node further 
upstream from the determined neighbor n of r that is the principal source of 
packets flowing to r that are addressed to v, and continuing to traceback through 
interconnected routers until a source of denial-of-service attack packets to v is 
determined or until further traceback is not possible [column 13, lines 47-55]. 
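
An added sketch of the hop-by-hop traceback loop recited above for claims 1, 9 and 16; it is not code from the application or from Cahill et al. The topology, router names, packet counts and the dictionary lookups standing in for router queries are constructed assumptions.

```python
# Constructed sample network. "fwd" maps a destination to the router's next
# hop for it; "sent" counts packets the router has forwarded toward that
# destination. A live tool would obtain both by querying each router.
V = "192.0.2.10"  # victim address (documentation range, constructed)
ROUTERS = {
    "r1": {"neighbors": ["r2", "r3", "r4"], "fwd": {V: V}, "sent": {V: 9500}},
    "r2": {"neighbors": ["r1"], "fwd": {V: "r1"}, "sent": {V: 300}},
    "r3": {"neighbors": ["r1", "r6", "r7"], "fwd": {V: "r1"}, "sent": {V: 9100}},
    # r4 carries a lot of traffic for v but routes it via r9, not r1.
    "r4": {"neighbors": ["r1"], "fwd": {V: "r9"}, "sent": {V: 4000}},
    "r6": {"neighbors": ["r3", "r8"], "fwd": {V: "r3"}, "sent": {V: 8900}},
    "r7": {"neighbors": ["r3"], "fwd": {V: "r3"}, "sent": {V: 150}},
    "r8": {"neighbors": ["r6"], "fwd": {V: "r6"}, "sent": {V: 8800}},
}

def traceback(v, r, routers):
    """Walk upstream from r, the router immediately upstream of v.

    Returns the routers visited, ending where no neighbor forwards traffic
    for v through the current router (further traceback is not possible).
    """
    path, visited = [r], {r}
    while True:
        best, best_count = None, 0
        for n in routers.get(r, {}).get("neighbors", []):
            info = routers.get(n)
            if info is None or n in visited:
                continue  # router cannot be queried, or would form a loop
            if info["fwd"].get(v) != r:
                continue  # r is not n's next hop for v: skip n
            count = info["sent"].get(v, 0)
            if count > best_count:
                best, best_count = n, count
        if best is None:
            return path
        path.append(best)
        visited.add(best)
        r = best  # continue one node further upstream

if __name__ == "__main__":
    print(" <- ".join(traceback(V, "r1", ROUTERS)))
```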

As to claims 2 and 10, Cahill et al discloses that the step of determining the set of 
neighbors comprises a step of sending at least one query to r to obtain information from a MIB 
that stores IP addresses of routers that are neighbors of r [column 53, lines 49-65]. 

As to claims 5 and 12, Cahill et al discloses that the step of determining an amount of 
traffic comprises a step of sending at least one message to a neighbor router n for determining a 
count of packets that router n is sending to router r that are addressed to v or to a network on 
which v resides [column 54 line 62 to column 55 line 14]. 

As to claim 17, Cahill et al discloses that the steps of determining and querying each 
comprise a step of sending queries to the data communications network [column 54, lines 24-29]. 

As to claim 18, Cahill et al discloses that the step of querying comprises steps of: sending 
a first network message to a packet router for instructing the packet router to determine a number 
of packets that it is sending addressed to v. Cahill et al discloses sending a second network 
message to the packet router to query the packet router for the determined number [column 55, 
lines 28-55]. 

As to claim 19, Cahill et al discloses that the step of querying comprises a step of sending 
at least one message to a packet router for determining a number of packets being forwarded to 
or towards v [column 56, lines 6-13]. 

As to claim 21, Cahill et al discloses that the step of operating the traceback function 
operates the traceback function on a plurality of selected paths. Cahill et al discloses that a 
particular path is selected based at least on an amount of traffic flowing through the path 



Application/Control Number: 09/651,619 Page 5 

Art Unit: 2131 

traceback through interconnected routers until a source of denial-of-service attack packets to v is 
determined, or until further traceback is not possible [column 13, lines 47-55]. 

Claim Rejections - 35 USC §103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 3, 4 and 11 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cahill 
et al U.S. Patent No. 6,535,855 B1 as applied to claims 1 and 9 above, and further in view of 
Li et al U.S. Patent No. 6,535,507 B1. 

As to claims 3, 4 and 11, Cahill et al does not teach that the step of determining if r is n's 
next-hop for traffic addressed to v comprises a step of sending at least one query to router n. 
Cahill et al does not teach that the step of sending at least one query queries an IP Forwarding 
Table MIB of router n. 

Li et al teaches determining if r is n's next-hop for traffic addressed to v comprises a step 
of sending at least one query. Li et al teaches sending at least one query queries an IP 
Forwarding Table [column 6, lines 46-54]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Cahill et al so that if it was determined that if r 
was n's next-hop for traffic addressed to v then a query would have been sent to router n. The 
query would have been an IP Forwarding Table of router n. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Cahill et al, as described above, by the teaching of Li et al 
because it provides automated maintenance of translation tables which may be tailored to meet 
the operating policy of network managers that control respective domains [abstract]. 

7. Claims 6 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cahill 
et al U.S. Patent No. 6,535,855 B1 as applied to claims 1 and 9 above, and further in view of 
Bhaskaran U.S. Patent No. 5,963,540. 

As to claims 6 and 13, Cahill et al does not teach a step of establishing a black hole host 
route to v as close as is possible to the source of the denial-of-service attack packets. 

Bhaskaran teaches establishing a black hole host route to v as close as is possible to the 
source of the attack [column 1, lines 53-67]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Cahill et al so that there would have been a black 
hole host route as close as possible to the source of the attack. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Cahill et al, as described above, by the teaching of 
Bhaskaran because it helps reduce the amount of denial of service attack packets in the network 
[column 1, lines 25-39]. 

8. Claims 7 and 14 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cahill 
et al U.S. Patent No. 6,535,855 B1 as applied to claims 1 and 9 above, and further in view of 
Hughes U.S. Patent No. 6,636,509 B1. 

As to claims 7 and 14, Cahill et al does not teach a step of establishing a special host 
route to v using the same next hop as an existing route. Cahill et al does not teach that the 
special host route tracking changes in the existing route such that when a next hop for the 
existing route changes, the next hop for the host route changes similarly. 

Hughes teaches establishing a special host route to v using the same next hop as an 
existing route. Cahill et al does not teach that the special host route tracks changes in the 
existing route such that when a next hop for the existing route changes, the next hop for the host 
route changes similarly [column 6, lines 11-67]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Cahill et al so that there would have been a 
special route using the same next hop as an existing route. The special host route would have 
tracked changes in the existing routes so that when a next hop for the existing route changed, the 
next hop for the host route would have changed similarly. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Cahill et al, as described above, by the teaching of Hughes 
because by using special routes it reduces the amount of hops in the routing table [column 3, 
lines 6-29]. 

9. Claims 8 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cahill 
et al U.S. Patent No. 6,535,855 B1 as applied to claims 1 and 9 above, and further in view of 
Packer U.S. Patent No. 6,298,041 B1. 

As to claims 8 and 15, Cahill et al does not teach a step of establishing a rate limit for 
packets addressed to v as close as is possible to the source of the denial-of-service attack packets. 

Packer teaches establishing a rate limit for packets addressed [column 4 line 50 to column 
5 line 7]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Cahill et al so that there would have been a rate 
limit for packets addressed to v as close as is possible to the source of the denial-of-service 
attack packets. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Cahill et al, as described above, by the teaching of Packer 
because rate control is introduced into a level of a packet communication environment at which 
there is a lack of data rate supervision to control assignment of available bandwidth from a 
single logical link to network flows [column 3, lines 22-32]. 

10. Claim 20 is rejected under 35 U.S.C. 103(a) as being unpatentable over Cahill et al U.S. 
Patent No. 6,535,855 B1 as applied to claim 16 above, and further in view of Bare U.S. 
Patent No. 6,456,597 B1. 

As to claim 20, Cahill et al does not teach establishing at least one of a black hole host 
route to v as close as is possible to the source of the undesirable packets. Cahill et al does not 
teach establishing a special host route to v using the same next hop as an existing route, the 
special host route tracking changes in the existing route such that when a next hop for the 
existing route changes, the next hop for the host route changes similarly. Cahill et al does not 
teach establishing a rate-limit for packets addressed to v as close as is possible to the source of 
the denial-of-service attack packets. 

Bare teaches establishing at least one of a black hole host route to v as close as is possible 
to the source of the undesirable packets [column 41 line 66 to column 42 line 45]. Bare teaches 
establishing a special host route to v using the same next hop as an existing route, the special 
host route tracking changes in the existing route such that when a next hop for the existing route 
changes, the next hop for the host route changes similarly [column 38 line 33 to column 39 line 
13]. Bare teaches establishing a rate-limit for packets addressed to v as close as is possible to the 
source of the denial-of-service attack packets [column 77, lines 51-60]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Cahill et al, as described above, so that a black 
hole host route would have been established as close as is possible to the source of the 
undesirable packets. A special host route using the same next hop as an existing route would 
have been established, the special host route tracking changes in the existing route such that 
when a next hop for the existing route changes, the next hop for the host route changes similarly. 
There would have been a rate-limit for packets addressed to v as close as is possible to the source 
of the denial-of-service attack packets. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Cahill et al by the teaching of Packer because using any of 
the above methods, you reroute any undesired packets away from the network. 

Conclusion 



11. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K Moorthy whose telephone number is 571-272-3793. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 





